Accountability (the goal of the accountability is to ensure that you are able to determine who is the attacker in the case that something goes wrong)

Availability (an available system is one that can respond to it’s users in a reasonable timeframe)

Non-repudiation (is the act of ensuring the undeniability of a transaction by any of the parties involved)

Chapter 2: Secure Systems Design

The chapter contains some general advices in order to design secure systems. The fist advice is that it must understand the threats that can impact your project/organization. The author enumerate some of the possible security threads that can occur if the security is not part of the product design: web site defacement, computer infiltration (using buffer overflow, command injection, etc), phishing, pharming (dns cache poisoning), click fraud, denial-of-service.In order to present various security design problems, the authors presents the code of a simple web server (you can find teh code here); the web server is written in Java language and a complete code walk through is made in the chapter.

I must admit that was very hard to extract the essence (the main ideas ) of this chapter, for me the style is very unclear and I simply think that a part of this chapter would had a better place into the next chapter (Secure Design Principles).

Chapter 3: Secure Design Principles

In this chapter the authors enumerate and explain various principles in order to create a secure system. The following principles are explained:

fail-safe stance or failing securely (design a system in such way that even if one or more components fail, the system can still ensure some level of security). In order to explain this principle, the authors will use the web server from the previous chapter.

secure by default (when designing a system, by default should be optimized for security wherever possible)

simplicity (keep the software as simple as possible to preserve the software security)

usability (in order to be usable, a software product should let the users to accomplish the tasks that the software is mean in most securely way). It is true that the usability and the security are sometimes 2 antagonist properties.

Chapter 4: Exercises for Part 1

The chapter contains some exercises linked to the previous chapters. Some of the exercises are just questions about things explained in the previous chapters, others are programming exercises (mount an attack to the web server or implement a basic HTTP authentication).